Resilient
In the second session of the Resilient Developer's Corner series, learn about the best ways to define and include your integration's Rules and Workflows in your integration package.
Agenda
- Rules
- Activity Fields
- Conditions
- Workflows
- Properties
- Branching
- Workflow Status
- Action Status
Duration: 26 minutes
Learn about the newest integration and how it can be leveraged in your environment. Utilize data in Resilient the way you want to by leveraging the newly released Data Feeder extension. This extension allows you to maintain “replica” data of a Resilient system for the purposes of reporting. It also allows enhanced accessibility of your data by allowing you to run business intelligence (BI) queries from other tools.
Join Ray Suarez, Product Manager for Resilient, in this month’s update to learn about one of our newest integrations.
Agenda
- Introduction
- The need for SOAR data
- Resilient & Data Feeder Integration
- Resilient Data Storage Overview
- app.config Configuration File
- Specify Incident Range
- A Tour of the App Exchange
- Resilient Actions Demonstration
- Review of the Resilient integrations
- Questions and answers
Duration: 19 minutes
The MITRE ATT&CK Framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and services community.
This video provides an overview of the MITRE ATT&CK Framework, followed by a discussion of how IBM Resilient and other IBM Security products use MITRE ATT&CK with a live demonstration and a Q&A.
This is the first session of the multi-part Resilient Developer's Corner series. As additional parts are published, links will be added to the Quick references section below.
Learn how to start writing an integration and how to use the template files auto-generated from Resilient functions.
Agenda
- Introduction
- Future recordings in this series
- Requirements
- Integration Taxonomy
- Integration Environment
- Demonstration using Resilient Console
- Customization settings
- Message Destinations
- Functions
- Rules
- Using codegen to automate the generation of Python integration code
- Detailed example of building out an integration in Python
Duration: 30 minutes
This video demonstrates how Resilient Task Helper Functions can help clean and consolidate notes to improve visibility into completed tasks and ultimately cut down the time to respond for your security team.
Overview
This course is designed to provide an initial introduction to the Resilient Incident Response Program. It will help you understand how Resilient can be integrated in your environment and provide the tools to get started.
Agenda
- Introduction to Resilient
- How Resilient Aligns to your Organization
- Installing & Administering Resilient
- Developing Playbooks
- Resources and Support
Overview
This course covers several alternative mechanisms for authenticating users in the IBM Resilient product, including LDAP, SAML and two-factor authentication.
Agenda
- LDAP authentication
- SAML authentication configuration
- Two-factor authentication
Duration: 22 minutes
Closed captions: English, French, German, Spanish and Japanese
Overview
This course demonstrates how to manage logs in the IBM Resilient appliance. This includes how to configure logging, audit logging and syslog.
Agenda
- 1. Log configuration
- 2. Configuring audit logs
- 3. Configuring syslog
Duration: 8 minutes
Closed captions: English, French, German, Spanish and Japanese
Overview
- Workspace key concepts
- Create workspace
- Delete workspace
This video demonstrates when and how to use rules and workflows configuration objects in Resilient to implement dynamic incident response playbooks.
Agenda
- Introduction
- When to use rules
- When to use workflows
- Summary
Duration: 11 minutes
Overview
- Automate the escalation and collection of data
- Manage a ransomware attack
- Deal with a data breach involving an inside actor
- Accelerate your Response to Phishing Attacks
Overview
This course covers aspects of managing users and groups in IBM Resilient such as creating users using the Resilient user-interface or by using terminal commands and how to reassign incidents and tasks to a different user.
Agenda
- Creating a user using the UI
- Creating a user using terminal commands
- Reassigning incidents and tasks
- Enabling LDAP authentication
- Enabling LDAP users in groups and deleting LDAP users
Overview
Closed captions: English, French, German, Spanish and Japanese
Overview
This course reviews key issues in managing security in IBM Resilient. Topics cover a broad range of issues such as how to defang a URL, change ciphers and protocols, how to work with keyvaults, keystores and secrets as well as how to encrypt and back up the keyvault password.
Agenda
- Defanging URLs
- This video demonstrates how to "defang" your URLs in IBM Resilient to help ensure users do not inadvertently click on malicious links.
- Changing Ciphers and Protocols in IBM Resilient
- This video demonstrates how to change the ciphers and protocol in IBM Resilient. There is a review of which ciphers and protocols are used by default using the nmap application, followed by a demonstration of which files need to be edited in order to adjust the ciphers and protocols being used.
- Keyvaults, Keystores and Secrets
- This video discusses keyvaults, keystores and secrets within IBM Resilient.
- Encrypting the keyvault password
- This video describes how to encrypt a keyvault password in IBM Resilient. The keyvault password is stored as an unencrypted file by default but can be encrypted using gpg to protect it and decrypted whenever needed.
- Backing up the keyvault
- The keyvault stores all passwords used within IBM Resilient. If the keyvault were lost, it would result in a considerable loss of data. For that reason, the Resilient platform runs a backup of keyvault files to the system database anytime passwords are added or removed and after each system upgrade. This video shows how to use the resutil keyvaultrestore command to restore keyvault files from the system database.
Duration: 19 minutes
Closed captions: English, French, German, Spanish and Japanese
Overview
- Configuring SSL/TLS certificates
- Importing the Resilient License Key
- Updating the Resilient Appliance Software
- Installing optional packages
- Setting the time zone
- SMTP Email configuration
Overview
The Resilient platform implements incident responses through the use of dynamic playbooks. A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to an incident. The Resilient platform updates the response automatically as the incident progresses and is modified.
In this course, you learn the Resilient basic concepts, platform architecture, and will review a demonstration of the installation process.
Objectives
- Learn the value of IBM Resilient
- Review the introduction video to the IBM Resilient platform
- Learn the IBM Resilient Platform architecture
- Learn about necessary prerequisites
- Review the installation process
- Describe the value of dynamic playbooks
Overview
Getting Started with IBM Resilient
This roadmap is designed to provide an initial introduction to the Resilient Incident Response Program.
Overview and install
These courses help you to understand how Resilient can be integrated into your environment and provide the tools to get started.
On-premises setup
Learn how to perform the initial configuration to start using Resilient.
User management and authentication
Learn how to configure user access.
Common use cases
Learn about typical scenarios for using Resilient.
Resilient Application Administrator/SaaS Administrator (Master Administrator)
These courses teach you how to administer Resilient on either an on-premises or SaaS deployment of the Resilient SOAR platform.
Managing users
Authentication
Setting up the ORG
These courses teach you how to configure the Resilient Organization.
Workspaces
Playbook Designer/Developer
This roadmap instructs the designer in the features available for creating playbooks within Resilient.
Foundations of Design
These courses are about using the design components which make up a playbook in the Resilient SOAR platform.
Automation and Integrations
These courses teach you about automation of your playbooks in the Resilient SOAR platform.
Security Analyst
As a Security Analyst you will learn how to manage, use and respond to security events using Resilient playbooks.
Resilient Security Foundations
These courses teach you how to investigate and remediate security incidents using Resilient.
Artifacts and Threat Feeds
These courses will teach you how threat intelligence can perform automatic enrichment for artifacts.
Privacy Officer
As a Privacy Officer/Analyst you will learn how to configure Resilient Privacy and to manage, use and respond to privacy events in your organization.
Resilient Privacy Foundations
These courses will teach you how to manage and respond to privacy events using the Resilient SOAR platform.
Resilient System Administrator (OVA Administrator)
These courses teach you how to install and configure IBM Resilient on both the OVA and BYORHEL on-premises deployments.